openSUSE:Infrastructure policy

The SUSE-IT team, together with the openSUSE heroes, maintains the openSUSE infrastructure. Members of the community have the opportunity to manage and administer services related to their work and contributions on the openSUSE infrastructure.

This policy should help both sides form the right expectations and assumptions to successfully provide the infrastructure behind openSUSE.

openSUSE infrastructure policy

Servers are either hosted in Provo, UT, USA or Nuremberg, Germany. New deployments will predominantly take place in Nuremberg, Germany. All servers must comply with the requirements outlined below:

  1. Direct login with password must be disabled; only ssh-key login is allowed.
  2. For recovery reasons, every administrator has to provide the root password in an encrypted form, so it can be stored in the GitLab repository.
  3. At least one person responsible for managing the server is registered with the SUSE-IT team
    1. Person responsible is expected to respond to e-mail within 48 hours
    2. It is desirable that the responsible person is reachable on IRC on most days between the hours of 11:00 A.M. and 3:00 P.M. UTC
  4. Services accessible externally need to be minimized
  5. All services must start automatically after a reboot
  6. Servers are configured with a static IP address
  7. In general, servers should run openSUSE or SUSE as the operating system. The operating system on the server needs to be maintained.
  8. Servers are configured to access the appropriate update repositories
  9. Automatic updates need to be enabled; it is acceptable to skip updates that require user interaction.
  10. All security updates (including kernel updates) must be installed as soon as possible. If this is for some reason not possible, an exception must be granted by the SUSE-IT team.
  11. Services available via network should be protected with AppArmor or SELinux
  12. If console access is required, a written agreement is needed.
  13. Monitoring: all machines have to answer ICMP echo requests (ping); monitoring other services is recommended.
  14. Remote syslogging must be configured
  15. It is recommended to store at least the configuration in GitLab and use Salt for deployment.
  16. Anyone maintaining a server on the openSUSE infrastructure is expected to be subscribed to the heroes@opensuse.org mailing list.
  17. Anyone maintaining a server should have ticket access on https://progress.opensuse.org/ and read their tickets regularly.
  18. Being available at the IRC channel at irc://irc.opensuse.org/#opensuse-admin is a plus

All systems are subject to a maintenance window every Thursday between 8:00 A.M. and 10:00 A.M. local Nuremberg time.

The SUSE-IT team maintains a list of servers maintained on the openSUSE infrastructure. Adding new services requires agreement to this policy and a request to the openSUSE infrastructure team via admin@opensuse.org. Violations of the policy will be documented and escalated to the openSUSE board. In emergency or security cases the SUSE-IT team reserves the right to shut down the server. People listed as contacts will be informed accordingly.

All running servers will be evaluated every 6 months to determine the continued need for the services provided. If a service is deemed outdated or the server hosts content that may no longer be needed, the maintainer on record will be contacted to provide additional details. If no response is received within a 2 week period, the server will be shut down.


Communication

IRC channels

Issue reports / Mailing list

Other communication

  • List of responsible people to contact if you experience problems with any service
  • A list of services provided for the openSUSE community can be found (in the future) here
  • Important maintenance news of the infrastructure is posted to news.opensuse.org
  • A blog with generic infrastructure news can be found here
  • For ways to communicate with us individually check our list of members
